Home GnuPG
Diffusion GnuPG 824d88ac51b4

gpg: Prevent an invalid memory read using a garbled keyring.
824d88ac51b4Unpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

gpg: Prevent an invalid memory read using a garbled keyring.

* g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
types.

The keyring DB code did not reject packets which don't belong into a
keyring. If for example the keyblock contains a literal data packet
it is expected that the processing code stops at the data packet and
reads from the input stream which is referenced from the data packets.
Obviously the keyring processing code does not and cannot do that.
However, when exporting this messes up the IOBUF and leads to an
invalid read of sizeof (int).

We now skip all packets which are not allowed in a keyring.

(back ported from commit f0f71a721ccd7ab9e40b8b6b028b59632c0cc648)

  • Reported-by: Hanno Böck <hanno@hboeck.de>

Details

Provenance
wernerAuthored on Feb 12 2015, 6:58 PM
Parents
rG8da836e76f13: gpg: Fix a NULL-deref in export due to invalid packet lengths.
Branches
Unknown
Tags
Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rG824d88ac51b4: gpg: Prevent an invalid memory read using a garbled keyring. (authored by Werner Koch <wk@gnupg.org>).Feb 12 2015, 6:58 PM

Changes (1)

PathSize
g10/

rG824d88ac51b4

View Options

g10/keyring.c

Loading...